Let’s assume that you want to add an ssl certificate with certbot for your subdomain: subdomain.domain.com
(replace with the desired subdomain)
Prerequisites: nginx
First, edit the following reverse-proxy
/etc/nginx/sites-enabled/reverse-proxy
and add the following new server
server{ listen 80; server_name subdomain.domain.com; }
Run certbot and follow the instructions:
sudo certbot --nginx
For reverse proxy, add the following location to the newly created “server” by certbot.
Change PORT and subdomain.domain.com accordingly.
server { server_name subdomain.domain.com; location / { proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:PORT; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
restart ngninx:
systemctl restart nginx